PT-2017-1605 · Microsoft · Iis 6.0 +1

Chen Wu +1 · Published 2017-03-27 · Updated 2026-01-06 · CVE-2017-7269

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Server 2003 R2

Description

The issue is caused by a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0. This allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request. The vulnerability has been exploited in the wild.

Recommendations

For Microsoft Windows Server 2003 R2, apply the necessary patch to fix the buffer overflow vulnerability in the ScStoragePathFromUrl function. As a temporary workaround, consider restricting access to the WebDAV service in IIS 6.0 to minimize the risk of exploitation. Avoid using the If header with long URLs in PROPFIND requests until the issue is resolved.
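
One way to screen captured traffic for the request shape named in the description, as an added example (not code from this advisory or from Microsoft). The 128-byte threshold, the host name and the sample requests are constructed assumptions; the advisory only says "long".

```python
# Added example: flag PROPFIND requests whose If header starts with "<http://"
# and is unusually long. MAX_IF_LEN is an assumed threshold, not a vendor value.
MAX_IF_LEN = 128

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].upper()
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t") and headers:
            # Obsolete line folding: the continuation belongs to the previous header.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
        elif b":" in line:
            name, value = line.split(b":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return method, headers

def is_suspicious(raw: bytes, max_len: int = MAX_IF_LEN) -> bool:
    """True for a PROPFIND carrying a long If header that begins with <http://."""
    method, headers = parse_request(raw)
    if method != b"PROPFIND":
        return False
    return any(
        name == b"if" and value.lower().startswith(b"<http://") and len(value) > max_len
        for name, value in headers
    )

def build_request(method: bytes, if_line: bytes) -> bytes:
    """Build a constructed sample request (filler bytes only, no payload)."""
    return (method + b" / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n"
            + if_line + b"\r\n\r\n")

# Constructed samples: an ordinary If header, an oversized one, the same
# oversized header on a non-PROPFIND method, and a folded, upper-case variant.
LONG_URL = b"<http://example.test/" + b"A" * 400 + b">"
SAMPLES = {
    "short_if": build_request(b"PROPFIND", b"If: <http://example.test/a> (<opaquetoken:1>)"),
    "long_if": build_request(b"PROPFIND", b"If: " + LONG_URL),
    "long_if_get": build_request(b"GET", b"If: " + LONG_URL),
    "folded": build_request(b"PROPFIND", b"IF: <http://example.test/\r\n " + b"B" * 400 + b">"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, is_suspicious(raw))
```

A check like this belongs on a proxy or in packet-capture review in front of the server, since the If header is not part of the default IIS log fields.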

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-00750
CVE-2017-7269

Affected Products

Iis 6.0
Windows Server 2003 Sp2